diff options
author | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2016-12-09 15:22:42 +0200 |
---|---|---|
committer | Juan Antonio Osorio Robles <jaosorior@redhat.com> | 2017-03-09 11:08:41 +0000 |
commit | 1992282b88beed0df0a25e54b4bd92bbc3b1919f (patch) | |
tree | 42cdd6772364833cafb93d10b6fd93c506ad7864 /puppet/services/rabbitmq-internal-tls-certmonger.yaml | |
parent | 1f79a5b76c0ca54eb053862dc0231e59e082d968 (diff) |
Pass hieradata for internal TLS for RabbitMQ
As with other services, this passes the necessary hieradata to enable
TLS for RabbitMQ. This will mean (once we set it via puppet-tripleo)
that there will only be TLS connections, as the ssl_only option is being
used.
bp tls-via-certmonger
Change-Id: I960bf747cd5e3040f99b28e2fc5873ca3a7472b5
Depends-On: Ic2a7f877745a0a490ddc9315123bd1180b03c514
Diffstat (limited to 'puppet/services/rabbitmq-internal-tls-certmonger.yaml')
-rw-r--r-- | puppet/services/rabbitmq-internal-tls-certmonger.yaml | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/puppet/services/rabbitmq-internal-tls-certmonger.yaml b/puppet/services/rabbitmq-internal-tls-certmonger.yaml new file mode 100644 index 00000000..39d6b903 --- /dev/null +++ b/puppet/services/rabbitmq-internal-tls-certmonger.yaml @@ -0,0 +1,47 @@ +heat_template_version: ocata + +description: > + RabbitMQ configurations for using TLS via certmonger. + +parameters: + ServiceNetMap: + default: {} + description: Mapping of service_name -> network name. Typically set + via parameter_defaults in the resource registry. This + mapping overrides those in ServiceNetMapDefaults. + type: json + # The following parameters are not needed by the template but are + # required to pass the pep8 tests + DefaultPasswords: + default: {} + type: json + EndpointMap: + default: {} + description: Mapping of service endpoint -> protocol. Typically set + via parameter_defaults in the resource registry. + type: json + +outputs: + role_data: + description: RabbitMQ configurations for using TLS via certmonger. + value: + service_name: rabbitmq_internal_tls_certmonger + config_settings: + generate_service_certificates: true + tripleo::profile::base::rabbitmq::certificate_specs: + service_certificate: '/etc/pki/tls/certs/rabbitmq.crt' + service_key: '/etc/pki/tls/private/rabbitmq.key' + hostname: + str_replace: + template: "%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + principal: + str_replace: + template: "rabbitmq/%{hiera('fqdn_NETWORK')}" + params: + NETWORK: {get_param: [ServiceNetMap, RabbitmqNetwork]} + metadata_settings: + - service: rabbitmq + network: {get_param: [ServiceNetMap, RabbitmqNetwork]} + type: node |